package com.study.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


/*本文件还没有加User 和 Admin 角色
只是为了演示能够输入同样的密码进入不同的访问路径，
证明html、thymeleaf和controller没写错*/

//当前界面打开注解，实现效果：可以使用用户名spring 密码123456去访问 /admin/home /product/info
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .and()
                .httpBasic();


        ;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.
                inMemoryAuthentication()

                .withUser("spring")
                //如果没有在上面设置加密方式，那么这里必须加上{noop}、{bcrypt}、{sha256}……之类的前缀，其中{noop}表示明文
                .password("{noop}123456").roles("USER");

    }
}
